破解PdSafe
日期:2005年4月14日 破解人:yijun———————————————————————————————————————————
【软件名称】:口令保管
【软件大小】: 188KB
【下载地址】:internet
【软件简介】:保存口令
【破解声明】:初学Crack,只是感兴趣,没有其它目的。失误之处敬请诸位大侠赐教!
【破解工具】:OD,VBExplorer,peid
———————————————————————————————————————————
【破解过程】:
peid侦察知道是“Microsoft Visual Basic 5.0 / 6.0”编写,无壳。VBExplorer替换关键字可以知道该软件玄机在以下代码处~~~~~~
00429930 55 push ebp //下断
00429931 8BEC mov ebp,esp
00429933 83EC 0C sub esp,0C
00429936 68 C6154000 push <jmp.&MSVBVM60.__vbaExceptHandler>
0042993B 64:A1 00000000mov eax,dword ptr fs:
00429941 50 push eax
00429942 64:8925 0000000>mov dword ptr fs:,esp
00429949 81EC C8000000 sub esp,0C8
0042994F 53 push ebx
00429950 56 push esi
00429951 57 push edi
00429952 8965 F4 mov dword ptr ss:,esp
00429955 C745 F8 D814400>mov dword ptr ss:,PdSafe.004014D8
0042995C 8B75 08 mov esi,dword ptr ss:
0042995F 8BC6 mov eax,esi
00429961 83E0 01 and eax,1
00429964 8945 FC mov dword ptr ss:,eax
00429967 83E6 FE and esi,FFFFFFFE
0042996A 56 push esi
0042996B 8975 08 mov dword ptr ss:,esi
0042996E 8B0E mov ecx,dword ptr ds:
00429970 FF51 04 call dword ptr ds:
00429973 8B16 mov edx,dword ptr ds:
00429975 33FF xor edi,edi
00429977 56 push esi
00429978 897D E8 mov dword ptr ss:,edi
0042997B 897D E4 mov dword ptr ss:,edi
0042997E 897D E0 mov dword ptr ss:,edi
00429981 897D DC mov dword ptr ss:,edi
00429984 897D D8 mov dword ptr ss:,edi
00429987 897D D4 mov dword ptr ss:,edi
0042998A 897D D0 mov dword ptr ss:,edi
0042998D 897D CC mov dword ptr ss:,edi
00429990 897D C8 mov dword ptr ss:,edi
00429993 897D B8 mov dword ptr ss:,edi
00429996 897D A8 mov dword ptr ss:,edi
00429999 897D 98 mov dword ptr ss:,edi
0042999C 897D 88 mov dword ptr ss:,edi
0042999F 89BD 78FFFFFF mov dword ptr ss:,edi
004299A5 89BD 44FFFFFF mov dword ptr ss:,edi
004299AB FF92 04030000 call dword ptr ds:
004299B1 50 push eax
004299B2 8D45 CC lea eax,dword ptr ss:
004299B5 50 push eax
004299B6 FF15 64104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSet
004299BC 8BD8 mov ebx,eax
004299BE 8D55 DC lea edx,dword ptr ss:
004299C1 52 push edx
004299C2 53 push ebx
004299C3 8B0B mov ecx,dword ptr ds:
004299C5 FF91 A0000000 call dword ptr ds:
004299CB 3BC7 cmp eax,edi
004299CD DBE2 fclex
004299CF 7D 12 jge short PdSafe.004299E3
004299D1 68 A0000000 push 0A0
004299D6 68 DC624000 push PdSafe.004062DC
004299DB 53 push ebx
004299DC 50 push eax
004299DD FF15 4C104000 call dword ptr ds:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
004299E3 8B06 mov eax,dword ptr ds:
004299E5 56 push esi
004299E6 FF90 00030000 call dword ptr ds:
004299EC 8D4D C8 lea ecx,dword ptr ss:
004299EF 50 push eax
004299F0 51 push ecx
004299F1 FF15 64104000 call dword ptr ds:[<&MSVBVM60.__vbaObjSe>; MSVBVM60.__vbaObjSet
004299F7 8BF0 mov esi,eax
004299F9 8D45 D8 lea eax,dword ptr ss:
004299FC 50 push eax
004299FD 56 push esi
004299FE 8B16 mov edx,dword ptr ds:
00429A00 FF92 A0000000 call dword ptr ds:
00429A06 3BC7 cmp eax,edi
00429A08 DBE2 fclex
00429A0A 7D 12 jge short PdSafe.00429A1E
00429A0C 68 A0000000 push 0A0
00429A11 68 DC624000 push PdSafe.004062DC
00429A16 56 push esi
00429A17 50 push eax
00429A18 FF15 4C104000 call dword ptr ds:[<&MSVBVM60.__vbaHresu>; MSVBVM60.__vbaHresultCheckObj
00429A1E 8B55 D8 mov edx,dword ptr ss: ; 取机器码(016432652)->EDX
00429A21 8B1D 88114000 mov ebx,dword ptr ds:[<&MSVBVM60.__vbaSt>; MSVBVM60.__vbaStrMove
00429A27 8D4D D4 lea ecx,dword ptr ss:
00429A2A 897D D8 mov dword ptr ss:,edi
00429A2D FFD3 call ebx
00429A2F 8B4D DC mov ecx,dword ptr ss: ; 取假码->ECX
00429A32 8D55 D4 lea edx,dword ptr ss:
00429A35 51 push ecx ; 假码入栈
00429A36 52 push edx
00429A37 E8 D49FFFFF call PdSafe.00423A10 //跟进
00429A3C 8BD0 mov edx,eax ; EAX(103525702(注册码))->EDX
00429A3E 8D4D D0 lea ecx,dword ptr ss:
00429A41 FFD3 call ebx
00429A43 50 push eax
00429A44 FF15 A4104000 call dword ptr ds:[<&MSVBVM60.__vbaStrCm>; MSVBVM60.__vbaStrCmp
00429A4A 8BF0 mov esi,eax
00429A4C 8D45 D0 lea eax,dword ptr ss:
00429A4F F7DE neg esi
00429A51 8D4D DC lea ecx,dword ptr ss:
00429A54 50 push eax
00429A55 1BF6 sbb esi,esi
00429A57 8D55 D4 lea edx,dword ptr ss:
00429A5A 51 push ecx
00429A5B 46 inc esi
00429A5C 52 push edx
00429A5D 6A 03 push 3
00429A5F F7DE neg esi
00429A61 FF15 44114000 call dword ptr ds:[<&MSVBVM60.__vbaFreeS>; MSVBVM60.__vbaFreeStrList
00429A67 8D45 C8 lea eax,dword ptr ss:
00429A6A 8D4D CC lea ecx,dword ptr ss:
00429A6D 50 push eax
00429A6E 51 push ecx
00429A6F 6A 02 push 2
00429A71 FF15 30104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeO>; MSVBVM60.__vbaFreeObjList
00429A77 83C4 1C add esp,1C
00429A7A 66:3BF7 cmp si,di
00429A7D 0F84 7C010000 je PdSafe.00429BFF ; 关键跳
00429A83 E8 C88AFFFF call PdSafe.00422550
00429A88 66:8B15 28D0420>mov dx,word ptr ds:
00429A8F 52 push edx
00429A90 6A 01 push 1
00429A92 68 74D14200 push PdSafe.0042D174
00429A97 68 90634000 push PdSafe.00406390
00429A9C FF15 48104000 call dword ptr ds:[<&MSVBVM60.__vbaRecDe>; MSVBVM60.__vbaRecDestruct
*************************************************************
00429A37处CALL
00423A10 55 push ebp
00423A11 8BEC mov ebp,esp
00423A13 83EC 0C sub esp,0C
00423A16 68 C6154000 push <jmp.&MSVBVM60.__vbaExceptHandler>
00423A1B 64:A1 00000000mov eax,dword ptr fs:
00423A21 50 push eax
00423A22 64:8925 0000000>mov dword ptr fs:,esp
00423A29 81EC BC000000 sub esp,0BC
00423A2F 53 push ebx
00423A30 56 push esi
00423A31 57 push edi
00423A32 8965 F4 mov dword ptr ss:,esp
00423A35 C745 F8 D013400>mov dword ptr ss:,PdSafe.004013D0
00423A3C 8B75 08 mov esi,dword ptr ss:
00423A3F 33C0 xor eax,eax
00423A41 8945 E8 mov dword ptr ss:,eax
00423A44 8945 D8 mov dword ptr ss:,eax
00423A47 8945 C8 mov dword ptr ss:,eax
00423A4A 8945 B8 mov dword ptr ss:,eax
00423A4D 8945 A8 mov dword ptr ss:,eax
00423A50 8945 98 mov dword ptr ss:,eax
00423A53 8945 88 mov dword ptr ss:,eax
00423A56 8985 78FFFFFF mov dword ptr ss:,eax
00423A5C 8985 68FFFFFF mov dword ptr ss:,eax
00423A62 8985 38FFFFFF mov dword ptr ss:,eax
00423A68 8B06 mov eax,dword ptr ds:
00423A6A 50 push eax
00423A6B FF15 28114000 call dword ptr ds:[<&MSVBVM60.__vbaR8Str>; MSVBVM60.__vbaR8Str
00423A71 DC0D C8134000 fmul qword ptr ds: ; ST=16432652,DS=7(相乘得115028564)
00423A77 8D4D D8 lea ecx,dword ptr ss:
00423A7A 8D55 C8 lea edx,dword ptr ss:
00423A7D 51 push ecx
00423A7E 52 push edx
00423A7F DC25 C0134000 fsub qword ptr ds: ; st=115028564,ds=6(相减得115028558)
00423A85 C745 D8 0500000>mov dword ptr ss:,5
00423A8C DC0D B8134000 fmul qword ptr ds: ; st=115028558,ds=9(相乘得1035257022)
00423A92 DC05 B0134000 fadd qword ptr ds: ; st=1035257022,DS=2(相加得1035257024)
00423A98 DD5D E0 fstp qword ptr ss: ; st=1035257024
00423A9B DFE0 fstsw ax ; AX=0
00423A9D A8 0D test al,0D
00423A9F 0F85 39010000 jnz PdSafe.00423BDE
00423AA5 FF15 6C114000 call dword ptr ds:[<&MSVBVM60.#613>] ; MSVBVM60.rtcVarStrFromVar
00423AAB 8D45 C8 lea eax,dword ptr ss:
00423AAE 8D4D B8 lea ecx,dword ptr ss:
00423AB1 50 push eax
00423AB2 51 push ecx
00423AB3 FF15 84104000 call dword ptr ds:[<&MSVBVM60.#520>] ; MSVBVM60.rtcTrimVar
00423AB9 8D55 A8 lea edx,dword ptr ss:
00423ABC 8D45 B8 lea eax,dword ptr ss:
00423ABF 52 push edx
00423AC0 6A 01 push 1
00423AC2 8D4D 98 lea ecx,dword ptr ss:
00423AC5 50 push eax
00423AC6 51 push ecx
00423AC7 C745 B0 0900000>mov dword ptr ss:,9
00423ACE C745 A8 0200000>mov dword ptr ss:,2
00423AD5 FF15 90104000 call dword ptr ds:[<&MSVBVM60.#632>] ; MSVBVM60.rtcMidCharVar
00423ADB 8D95 38FFFFFF lea edx,dword ptr ss:
00423AE1 8D4D 88 lea ecx,dword ptr ss:
00423AE4 C785 40FFFFFF 7>mov dword ptr ss:,PdSafe.00406C7>
00423AEE C785 38FFFFFF 0>mov dword ptr ss:,8
00423AF8 FF15 68114000 call dword ptr ds:[<&MSVBVM60.__vbaVarDu>; MSVBVM60.__vbaVarDup
00423AFE 8B06 mov eax,dword ptr ds: ; 机器码->EAX
00423B00 8D55 88 lea edx,dword ptr ss:
00423B03 52 push edx
00423B04 50 push eax ; 机器码入栈
00423B05 FF15 18104000 call dword ptr ds:[<&MSVBVM60.__vbaLenBs>; 计算机器码长度保存到EAX
00423B0B 8D8D 78FFFFFF lea ecx,dword ptr ss:
00423B11 50 push eax
00423B12 51 push ecx
00423B13 FF15 F0104000 call dword ptr ds:[<&MSVBVM60.#607>] ; MSVBVM60.rtcStringVar
00423B19 6A 01 push 1
00423B1B 8D95 78FFFFFF lea edx,dword ptr ss:
00423B21 6A 01 push 1
00423B23 8D45 98 lea eax,dword ptr ss:
00423B26 52 push edx
00423B27 8D8D 68FFFFFF lea ecx,dword ptr ss:
00423B2D 50 push eax
00423B2E 51 push ecx
00423B2F FF15 40104000 call dword ptr ds:[<&MSVBVM60.#660>] ; MSVBVM60.rtcVarFromFormatVar
00423B35 8D95 68FFFFFF lea edx,dword ptr ss:
00423B3B 52 push edx
00423B3C FF15 20104000 call dword ptr ds:[<&MSVBVM60.__vbaStrVa>; 去掉ST最后一位得103525702
00423B42 8BD0 mov edx,eax ; EAX=103525702
00423B44 8D4D E8 lea ecx,dword ptr ss: ; EDX=103525702
00423B47 FF15 88114000 call dword ptr ds:[<&MSVBVM60.__vbaStrMo>; MSVBVM60.__vbaStrMove
00423B4D 8D85 68FFFFFF lea eax,dword ptr ss:
00423B53 8D8D 78FFFFFF lea ecx,dword ptr ss:
00423B59 50 push eax
00423B5A 8D55 98 lea edx,dword ptr ss:
00423B5D 51 push ecx
00423B5E 8D45 88 lea eax,dword ptr ss:
00423B61 52 push edx
00423B62 8D4D A8 lea ecx,dword ptr ss:
00423B65 50 push eax
00423B66 8D55 B8 lea edx,dword ptr ss:
00423B69 51 push ecx
00423B6A 8D45 C8 lea eax,dword ptr ss:
00423B6D 52 push edx
00423B6E 8D4D D8 lea ecx,dword ptr ss:
00423B71 50 push eax
00423B72 51 push ecx
00423B73 6A 08 push 8
00423B75 FF15 24104000 call dword ptr ds:[<&MSVBVM60.__vbaFreeV>; MSVBVM60.__vbaFreeVarList
00423B7B 83C4 24 add esp,24
00423B7E 9B wait
00423B7F 68 C83B4200 push PdSafe.00423BC8
00423B84 EB 41 jmp short PdSafe.00423BC7
00423B86 F645 FC 04 test byte ptr ss:,4
00423B8A 74 09 je short PdSafe.00423B95
~~~~~~~~~~~省略~~~~~~~~~~~~~~~
———————————————————————————————————————————
【Crack_总结】:
机器码:016432652
注册码:103525702
页:
[1]